Timestamp:
Aug 23, 2010, 4:21:16 PM (6 years ago)
Author:
keesvb
Message:

first implementation of user-based REST services, only checks whether a user is owner of a study and returns the studies and assays only for his/her owned studies. The other methods are not secured yet, but ought to go via study or assay.

File:
1 edited

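--- a/trunk/grails-app/controllers/RestController.groovy
+++ b/trunk/grails-app/controllers/RestController.groovy
@@ -16,10 +16,8 @@
  */
 
-import data.*
 import dbnp.studycapturing.Study
 import dbnp.studycapturing.Assay
 import grails.converters.*
-import org.codehaus.groovy.grails.web.json.*
-
+import nl.metabolomicscentre.dsp.http.BasicAuthentication
 
 
@@ -32,14 +30,26 @@
      /**************************************************/
 
+        def authService
         def beforeInterceptor = [action:this.&auth]
         def credentials
+        def requestUser
 // defined as a regular method so its private
 
+        /**
+         * Authorization closure, which is run before executing any of the REST resource actions
+         * It fetches a username/password combination from basic HTTP authentication and checks whether
+         * that is an active (nimble) account
+         * @return
+         */
         def auth() {
-            credentials = nl.metabolomicscentre.dsp.http.BasicAuthentication.credentialsFromRequest(request)
-                if(false) {
+            credentials = BasicAuthentication.credentialsFromRequest(request)
+                requestUser = authService.authUser(credentials.u,credentials.p)
+                if(!requestUser) {
                     response.sendError(403)
                 return false
             }
+                else {
+                        return true
+                }
         }
 
@@ -55,5 +65,5 @@
         def getStudies = {
                 List studies = []
-                Study.list().each { study ->
+                Study.findAllByOwner(requestUser).each { study ->
                         studies.push( [ 'externalStudyID': study.code, 'name':study.title ] )
                 }
@@ -93,8 +103,6 @@
                 List assays = []
                 if( params.externalStudyID ) {
-                        println params.moduleURL
-                        def study = Study.find( "from Study as s where s.code=?", [params.externalStudyID])
+                        def study = Study.find( "from Study as s where s.owner=? and s.code=?", [requestUser.getId(), params.externalStudyID])
                         if(study) study.assays.each{ assay ->
-                                println assay.module.url
                                 if (assay.module.url.equals(params.moduleURL)) {
                                 def map = ['name':assay.name, 'externalAssayID':assay.externalAssayID]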
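Review bot: The ownership filter in the assay lookup binds `requestUser.getId()` to `s.owner=?`, while `getStudies` in the same commit passes the user object itself to `Study.findAllByOwner(requestUser)`; the two authorization checks should compare the same thing. If `Study.owner` is an association (its declaration is not visible here), binding an id to it may fail at query time or never match, so I would write `where s.owner.id=? and s.code=?` or pass `requestUser` as the parameter. Separately, `auth()` dereferences `credentials.u` without a null check, so a request with no Authorization header presumably ends in an error rather than on the `sendError(403)` path; a guard such as `if(!credentials) { response.sendError(403); return false }` would keep the denial explicit, though whether `credentialsFromRequest` can return null is not visible in this diff. The action containing the assay lookup starts and ends outside the hunk.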